From aeeed1c138d851686f5077323a6ad472a30ca62c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Joe=20K=C3=BCng?= <joekueng05@gmail.com>
Date: Wed, 11 Mar 2026 11:39:45 +0100
Subject: [PATCH] fix(front-end): fix security

---
 frontend/src/app/app.routes.ts | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/frontend/src/app/app.routes.ts b/frontend/src/app/app.routes.ts
index c12362d..5fb79d4 100644
--- a/frontend/src/app/app.routes.ts
+++ b/frontend/src/app/app.routes.ts
@@ -1,4 +1,13 @@
-import { Routes } from '@angular/router';
+import { CanMatchFn, Routes } from '@angular/router';
+
+const SUPPORTED_LANGS = new Set(['it', 'en', 'de', 'fr']);
+
+const langPrefixCanMatch: CanMatchFn = (_route, segments) => {
+  if (segments.length === 0) {
+    return false;
+  }
+  return SUPPORTED_LANGS.has(segments[0].path.toLowerCase());
+};
 
 const appChildRoutes: Routes = [
   {
@@ -116,6 +125,7 @@ const appChildRoutes: Routes = [
 export const routes: Routes = [
   {
     path: ':lang',
+    canMatch: [langPrefixCanMatch],
     loadComponent: () =>
       import('./core/layout/layout.component').then((m) => m.LayoutComponent),
     children: appChildRoutes,
-- 
2.49.1